WHAT IS CLAIMED IS:

1. A method of at least partially securing communications, via a Host Identity
Protocol, HIP, proxy, between a first host which is not HIP enabled and a second host
which is HIP enabled, the method comprising:

sending a query from the first host to resolve the Internet Protocol, IP, address
of the second host;

in response to said query, retrieving an IP address and Host Identity Tag, HIT,
associated with the second host, returning from the proxy a substitute IP address
associated with the second host, and maintaining at the proxy a mapping between the
substitute IP address, the retrieved IP address and the retrieved HIT; and

upon receipt of a session initiation message at the proxy from the first host
including as its destination address the substitute IP address, using the mapping to
negotiate a secure HIP connection between the proxy and the second host.

2. A method as claimed in claim 1, comprising looking up the retrieved IP address
and the retrieved HIT from the mapping based on the substitute IP address in the session
initiation message, and performing the HIP negotiation using the retrieved IP address
and the retrieved HIT to locate and identify the Responder together with an IP address 
and HIT of the proxy to locate and identify the Initiator. 

3. A method as claimed in claim 1 or 2, wherein the retrieved IP address is the IP 
address of a Forwarding Agent used by the second host, and further comprising
initiating the HIP negotiation between the proxy and the second host by sending the
initial HIP negotiation packet to the Forwarding Agent.

4. A method as claimed in claim 3, further comprising, following receipt of the 
actual IP address of the second host at the proxy during the HIP negotiation, including 
the actual IP address in the mapping maintained at the proxy.

5. A method as claimed in claim 4, wherein the retrieved IP address is replaced in 
the mapping by the actual IP address following its receipt at the proxy. 

6. A method as claimed in claim 1 or 2, wherein the retrieved IP address is the
actual IP address of the second host. 

7. A method as claimed in any preceding claim, further comprising, for an
outgoing message received at the proxy after the secure HIP connection has been
established including as its destination address the substitute IP address, using the
mapping to route the message over the secure HIP connection to the second host.

8. A method as claimed in claim 7, when dependent on claim 4, comprising
looking up the actual IP address and the retrieved HIT from the mapping based on the
substitute IP address in the outgoing message, and routing the outgoing message to the
second host using the actual IP address and the retrieved HIT to locate and identify the
destination of the message, and using an IP address and HIT of the proxy to locate and
identify the source of the message.

9. A method as claimed in any preceding claim, further comprising completing the 
establishment of communications between the first and second hosts by forwarding the 
session initiation message from the proxy to the second host over the secure HIP 
connection, replying with a session acknowledgment message from the second host to 
the proxy over the secure HIP connection, and routing the session acknowledgment
message to the first host. 

10. A method as claimed in claim 9, wherein the session acknowledgment message 
is a TCP ACK message. 

11. A method as claimed in any preceding claim, wherein the session initiation 
message is a TCP SYN message. 

12. A method as claimed in any preceding claim, further comprising, for an 
incoming message received at the proxy from the second host over the established 
secure HIP connection, using a NAT function of the proxy to route the message to the
appropriate destination host.

13. A method as claimed in any preceding claim, wherein

14. A method as claimed in any preceding claim, wherein the proxy performs the
step of retrieving the IP address and HIT associated with the second host.

15. A method as claimed in claim 14, wherein the proxy retrieves the IP address and 
HIT associated with the second host from an external DNS server.

16. A method as claimed in claim 14, wherein the proxy retrieves the IP address and
HIT associated with the second host from an internal DNS server. 

17. A method as claimed in any preceding claim, wherein the proxy intercepts the
DNS query from the first host.

18. A communications system comprising a first host which is not Host Identity 
Protocol, HIP, enabled, a second host which is HIP enabled, and a HIP proxy, wherein:

the first host comprises means for sending a query to resolve the Internet
Protocol, IP, address of the second host;

the proxy comprises means for retrieving, in response to said query, an IP
address and Host Identity Tag, HIT, associated with the second host, for returning a
substitute IP address associated with the second host, for maintaining a mapping
between the substitute IP address, the retrieved IP address and the retrieved HIT, and for
using the mapping, upon receipt of a session initiation message from the first host
including as its destination address the substitute IP address, to negotiate a secure HIP
connection between the proxy and the second host.

19. A method for use by a Host Identity Protocol, HIP, proxy of at least partially 
securing communications, via the proxy, between a first host which is not HIP enabled 
and a second host which is HIP enabled, the method comprising:

receiving a query from the first host to resolve the Internet Protocol, IP, address
of the second host;

in response to said query, retrieving an IP address and Host Identity Tag, HIT,
associated with the second host, returning a substitute IP address associated with the
second host, and maintaining a mapping between the substitute IP address, the retrieved
IP address and the retrieved HIT; and



upon receipt of a session initiation message from the first host including as its
destination address the substitute IP address, using the mapping to negotiate a secure
HIP connection between the proxy and the second host.

20. A Host Identity Protocol, HIP, proxy for use in at least partially securing
communications, via the proxy, between a first host which is not HIP enabled and a
second host which is HIP enabled, comprising:

means for receiving a query from the first host to resolve the Internet Protocol,
IP, address of the second host;

means for retrieving, in response to said query, an IP address and Host Identity
Tag, HIT, associated with the second host, returning a substitute IP address associated
with the second host, and maintaining a mapping between the substitute IP address, the
retrieved IP address and the retrieved HIT; and

means for using the mapping, upon receipt of a session initiation message from
the first host including as its destination address the substitute IP address, to negotiate a
secure HIP connection between the proxy and the second host.

21. An operating program which, when run on a HIP proxy, causes the proxy to
carry out a method as claimed in claim 19.

22. An operating program which, when loaded into a HIP proxy, causes the proxy to
become one as claimed in claim 20.

23. An operating program as claimed in claim 21 or 22, carried on a carrier medium.

24. An operating program as claimed in claim 23, wherein the carrier medium is a
transmission medium.

25. An operating program as claimed in claim 23, wherein the carrier medium is a
storage medium.
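
The mapping recited in claims 1 to 8 can be modeled as a lookup table keyed by the substitute IP address. The Python model below is an added illustration, not part of the claims or of any implementation by the applicant. The class and method names, the `actual_ip` argument standing in for the address learned during negotiation, the address pool and the sample addresses and HITs are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (documentation address ranges, made-up HIT).
SAMPLE_DNS = {"hip.example": ("198.51.100.7", "2001:20::beef")}

@dataclass
class Entry:
    ip: str                    # retrieved IP (possibly a Forwarding Agent), later the actual IP
    hit: str                   # retrieved HIT of the second host
    established: bool = False  # True once the HIP connection has been negotiated

class HipProxyTable:           # hypothetical name, models the proxy's mapping only
    def __init__(self, pool, proxy_ip, proxy_hit, dns):
        self.pool = iter(ipaddress.ip_network(pool).hosts())
        self.proxy_ip, self.proxy_hit = proxy_ip, proxy_hit
        self.dns = dns         # name -> (ip, hit); stands in for the DNS lookup
        self.by_name = {}      # name -> substitute IP, so repeat queries get the same answer
        self.mapping = {}      # substitute IP -> Entry

    def resolve(self, name):
        """Claim 1: answer the first host's query with a substitute IP."""
        if name not in self.dns:
            return None
        if name not in self.by_name:
            ip, hit = self.dns[name]
            sub = str(next(self.pool))
            self.by_name[name] = sub
            self.mapping[sub] = Entry(ip, hit)
        return self.by_name[name]

    def on_session_init(self, dst, actual_ip=None):
        """Claims 2-5: build the initial negotiation packet from the mapping."""
        e = self.mapping.get(dst)
        if e is None:
            return None        # destination is not a substitute address
        first_packet = {"src_ip": self.proxy_ip, "src_hit": self.proxy_hit,
                        "dst_ip": e.ip, "dst_hit": e.hit}
        if actual_ip:          # learned during negotiation; replaces the retrieved IP
            e.ip = actual_ip
        e.established = True
        return first_packet

    def route_outgoing(self, dst):
        """Claims 7-8: locate source and destination for later traffic."""
        e = self.mapping.get(dst)
        if e is None or not e.established:
            return None
        return (self.proxy_ip, self.proxy_hit, e.ip, e.hit)
```

The first host only ever sees the substitute address; the retrieved IP, the actual IP and the HIT stay inside the proxy's table.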